Versions Compared

Old Version 6

changes.mady.by.user Thomas Lenggenhager

Saved on

compared with

New Version 7

changes.mady.by.user Michael Domingues

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: spelling

...

  • The simplest thing in most cases is just to update your shibboleth2.xml file in place by changing the namespace declaration at the top of the file from urn:mace:shibboleth:2.0:native:sp:config to urn:mace:shibboleth:3.0:native:sp:config (there are usually two mentions of the namespace in the root element). Note the difference there, the 2.0→ 3.0 in the string.

    Be sure to review all "MetadataProvider" elements in the shibboleth2.xml file for "file" and "uri" attributes.  These attribute names are no longer valid in the 3.0 namespace and must be replaced with the "path" and "url" attribute names.  Examples below.

    Code Block
    languagexml
    titleOld MetadataProvider
    collapsetrue
    <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml" backingFilePath="federation-metadata.xml" reloadInterval="7200">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
    <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
</MetadataProvider>


<MetadataProvider type="XML" file="idp-metadata.xml"/>
    Code Block
    languagexml
    titleNew MetadataProvider
    collapsetrue
    <MetadataProvider type="XML" url="http://federation.org/federation-metadata.xml" backingFilePath="federation-metadata.xml" reloadInterval="7200">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
    <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
</MetadataProvider>


<MetadataProvider type="XML" path="idp-metadata.xml"/>
  • Alternatively you can start with the default shibboleth2.xml.dist file and transfer your settings to a new copy of shibboleth2.xml, but that has a tendency to break things because it's hard to reproduce complex settins settings accurately.

The V3 default filename remains "shibboleth2.xml" to facilitate the upgrade process. Any settings that are flagged with warnings may be removed from the updated XML schema and prevent the system from loading the file if the namespace is updated, so they should be corrected as part of the process and once the system is operating with the new file you're done.

...